RE: [PATCH] ksmbd: fix use-after-free and NULL deref in smb_grant_oplock()
From: Werner Kasselman
Date: Tue Mar 17 2026 - 02:54:06 EST
format-patch grabbed the wrong diff, sorry. Homer D'oh!
-----Original Message-----
From: ChenXiaoSong <chenxiaosong@xxxxxxxxxxxxxxxx>
Sent: Tuesday, 17 March 2026 4:43 PM
To: Werner Kasselman <werner@xxxxxxxxxxx>; ChenXiaoSong <chenxiaosong@xxxxxxxxxxxxxxxx>; linux-cifs@xxxxxxxxxxxxxxx
Cc: linkinjeon@xxxxxxxxxx; smfrench@xxxxxxxxx; senozhatsky@xxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; stable@xxxxxxxxxxxxxxx
Subject: Re: [PATCH] ksmbd: fix use-after-free and NULL deref in smb_grant_oplock()
I just saw your v2 patch, and it seems to be the same as v1:
https://lore.kernel.org/linux-cifs/20260317063456.1696853-1-werner@xxxxxxxxxxx/
Thanks,
ChenXiaoSong <chenxiaosong@xxxxxxxxxxxxxxxx>
On 2026/3/17 14:36, Werner Kasselman wrote:
> I sent an earlier version of the patch by mistake. The version with the complete changes (including alloc_lease_table() split and add_lease_global_list() signature change) was committed locally but the email went out before the final amend. I apologise for the confusion.
>
> I will resend the correct patch as v2. The full diff is +45/-27 lines and includes:
> - New alloc_lease_table() helper (extracted from add_lease_global_list)
> - add_lease_global_list() changed to take preallocated lease_table, return type changed from int to void
> - smb_grant_oplock() restructured: set o_fp, preallocate, then publish
> - Error path uses opinfo_put() instead of __free_opinfo()
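As an added illustration of the ordering described in the summary above (set o_fp, preallocate the lease table, then publish; on failure drop the reference instead of freeing directly), the following stand-alone user-space C sketch contrasts a publish-first ordering with a preallocate-then-publish ordering. It is not ksmbd code and is not taken from the patch: the struct layouts, the global list, the fault-injection flag and the observer hook are simplified stand-ins invented for this example. The "observer" stands in for any other CPU walking the global list at that instant.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, simplified stand-ins for the objects named in the patch
 * summary. These are NOT the kernel's real structures. */
struct lease_table { int epoch; };
struct file { const char *name; };

struct opinfo {
    int refcount;               /* stand-in for the kernel refcount */
    struct file *o_fp;          /* must be set before the object is visible */
    struct lease_table *lease;  /* must be set before the object is visible */
    struct opinfo *next;        /* global list linkage */
};

static struct opinfo *global_list;  /* stand-in for the global lease list */
static int fail_next_alloc;         /* fault injection: fail the next lease alloc */
static int live_objects;            /* leak counter for the example */
static int observed_incomplete;     /* set if the walker ever saw a half-built entry */

static struct lease_table *alloc_lease_table(void)
{
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    struct lease_table *lt = calloc(1, sizeof *lt);
    if (lt) live_objects++;
    return lt;
}

/* Drop one reference; free only when the last one goes away. */
static void opinfo_put(struct opinfo *op)
{
    if (--op->refcount) return;
    if (op->lease) { free(op->lease); live_objects--; }
    free(op);
    live_objects--;
}

static void publish(struct opinfo *op) { op->next = global_list; global_list = op; }

static void unpublish(struct opinfo *op)
{
    for (struct opinfo **pp = &global_list; *pp; pp = &(*pp)->next)
        if (*pp == op) { *pp = op->next; return; }
}

/* What a concurrent list walker would see: 1 if any published entry has a
 * NULL o_fp or NULL lease table, i.e. a NULL-deref waiting to happen. */
int list_has_incomplete_entry(void)
{
    for (struct opinfo *op = global_list; op; op = op->next)
        if (!op->o_fp || !op->lease) return 1;
    return 0;
}

static void walker(void) { observed_incomplete |= list_has_incomplete_entry(); }

/* Publish-first ordering: the object is on the list before o_fp and the
 * lease table exist, and a failed allocation must unlink a visible object. */
int grant_oplock_publish_first(struct file *fp, void (*observer)(void))
{
    struct opinfo *op = calloc(1, sizeof *op);
    if (!op) return -1;
    live_objects++;
    op->refcount = 1;
    publish(op);                    /* visible with o_fp == NULL, lease == NULL */
    if (observer) observer();       /* another CPU walks the list right here */
    op->o_fp = fp;
    op->lease = alloc_lease_table();
    if (!op->lease) { unpublish(op); opinfo_put(op); return -1; }
    return 0;
}

/* Preallocate-then-publish ordering: set o_fp, allocate the lease table,
 * and only then make the object reachable. An allocation failure happens
 * on a private object, so the error path is a plain opinfo_put(). */
int grant_oplock_preallocate(struct file *fp, void (*observer)(void))
{
    struct opinfo *op = calloc(1, sizeof *op);
    if (!op) return -1;
    live_objects++;
    op->refcount = 1;
    op->o_fp = fp;
    op->lease = alloc_lease_table();
    if (!op->lease) { opinfo_put(op); return -1; }   /* never published */
    publish(op);
    if (observer) observer();       /* walker now only ever sees a complete entry */
    return 0;
}

/* Tear down everything on the list (all entries hold exactly one ref here). */
void reset_state(void)
{
    while (global_list) { struct opinfo *op = global_list; global_list = op->next; opinfo_put(op); }
    fail_next_alloc = 0;
    observed_incomplete = 0;
}

int main(void)
{
    struct file f = { "example.txt" };
    reset_state(); grant_oplock_publish_first(&f, walker);
    printf("publish-first: walker saw incomplete entry = %d\n", observed_incomplete);
    reset_state(); grant_oplock_preallocate(&f, walker);
    printf("preallocate:   walker saw incomplete entry = %d\n", observed_incomplete);
    reset_state(); fail_next_alloc = 1;
    printf("preallocate alloc failure: rc=%d, leaked=%d\n",
           grant_oplock_preallocate(&f, NULL), live_objects);
    reset_state();
    return 0;
}
```

The toy refcount and single-threaded observer hook only model visibility ordering; a real fix also needs the kernel's locking and memory-ordering rules around the list, which this sketch does not attempt to reproduce.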